A vulnerability has been reported in Namazu, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Input passed in certain character encodings (e.g. UTF-7) to
namazu.cgi is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
The vulnerability is reported in versions prior to 2.0.18.
ORIGINAL ADVISORY:
JVN: http://jvn.jp/jp/JVN%2300892830/index.html
Namazu: http://www.namazu.org/security.html.eniubvg